cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
222
Views
0
Helpful
4
Replies
Highlighted
Beginner

ESA Mail Policies: Anti-Spam and the "Prepend" action on message subject

Dear support forum.

This may be a quick one.

Email hits a policy (as per screenshot), gets delivered ti user as expected, but the [SUSPICIOUS] prepend is not added to the subject line. 

How to investigate/fix this?

Thanks,.

 

ESA.jpg

4 REPLIES 4
Highlighted
Participant

Re: ESA Mail Policies: Anti-Spam and the "Prepend" action on message subject

Can you get the SMTP header information from the recipient ?

I am mainly interested in the Ironport X headers information like

 

X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0H+AQBGKDlehwXMStBlHgEbDIFwC4E?=
=?us-ascii?q?lfwFweAQuB4QUg0mNWYc9kgAUgSsyCgkBAQEBAQEBAQEgAQkNAQECgQKDPAK?=
=?us-ascii?q?CUgwFKwkOAgMBAQEDAgUBAQEDAQEBAgEBAQMCAQEBAQIQAQEBCgsJCClPAWA?=
=?us-ascii?q?BQIFHgTcNCQYDAS8MgjsFAgMYDmsvCTgBAQEBAQEBAQEBAQEBAQEBAQEBAQE?=
=?us-ascii?q?BAQEBAQEBAQEMAg1UJiMBSAohRhcOBBYDAjMVCSEUCQSDBQGDAwerMgEBAXO?=
=?us-ascii?q?BMoN9OAELAQoPhDaBPoEhF4YCiDqBRIJgPoI9GwwBAQEBBhSBFAERAgEOX4J?=
=?us-ascii?q?DF4ItGgSKVgGMYkaXZIJFfIFShHuPFYIbLXiHFoQPjCOQLIYZgQOFKohwhhN?=
=?us-ascii?q?4KXFNI4JUaAlEAQIBAQENAgEBAQIBAgIBBwEBAgGOM4NZhVaFHlMCAQEBAga?=
=?us-ascii?q?McoFqAQE?=
X-IPAS-Result: =?us-ascii?q?A0H+AQBGKDlehwXMStBlHgEbDIFwC4ElfwFweAQuB4QUg?=
=?us-ascii?q?0mNWYc9kgAUgSsyCgkBAQEBAQEBAQEgAQkNAQECgQKDPAKCUgwFKwkOAgMBA?=
=?us-ascii?q?QEDAgUBAQEDAQEBAgEBAQMCAQEBAQIQAQEBCgsJCClPAWABQIFHgTcNCQYDA?=
=?us-ascii?q?S8MgjsFAgMYDmsvCTgBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEMA?=
=?us-ascii?q?g1UJiMBSAohRhcOBBYDAjMVCSEUCQSDBQGDAwerMgEBAXOBMoN9OAELAQoPh?=
=?us-ascii?q?DaBPoEhF4YCiDqBRIJgPoI9GwwBAQEBBhSBFAERAgEOX4JDF4ItGgSKVgGMY?=
=?us-ascii?q?kaXZIJFfIFShHuPFYIbLXiHFoQPjCOQLIYZgQOFKohwhhN4KXFNI4JUaAlEA?=
=?us-ascii?q?QIBAQENAgEBAQIBAgIBBwEBAgGOM4NZhVaFHlMCAQEBAgaMcoFqAQE?=
X-IronPort-AV: E=Sophos;i="5.70,398,1574139600";
d="scan'208,217";a="376376682"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-IronPort-SBRS: 3.5
X-IronPort-Source: Inbound
X-IronPort-SPF: Suspect
X-IronPort-URL: Pass

Highlighted
Beginner

Re: ESA Mail Policies: Anti-Spam and the "Prepend" action on message subject

Hi and thanks for your help.
This is the header information:

X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0H1egCgezheh4LcayhlGQEBAQEBASg?=
=?us-ascii?q?BAQEBAQEBAQEBAQEEAQEBAQEBAQEBAQGBYYE0CgIBAQEBAQ1QAXADcgMEIRS?=
=?us-ascii?q?HWAIDhRcjhT+GTY8/gjmCKYJSAxgcIAEIAQEBAQEBAQEBBgEBIA8BAQKENAE?=
=?us-ascii?q?JIC4BCIF9BQIENBMCAwEMAQEBAwEBAQIBAgMEAQECEAEBAQgNCQgphT4Mgik?=
=?us-ascii?q?SImoPLwkMAQEBAQEBAQEBJAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE?=
=?us-ascii?q?BAQEBAQEBAQUCCFQrBR4BNyQKAQE4HgGBMSKDBAGCSgMuAQICAQmhaQKBOYh?=
=?us-ascii?q?hAQGCJoJ/AQEFgS8Bg2cYQAEJgUIJCQGBLAIBAQEBAQEBiQJSgl+CAIE4hC6?=
=?us-ascii?q?BRxkCAhopgU0ghSGNUItnlDWBegcDgWdUhieBH450IYI4AYEHizeMEZZ0VI4?=
=?us-ascii?q?bhBgCBAIEBQIOAQEEAYE1NIF7chODJwkKPRgNjjUCg1mKU3QCAQEBBo4iXAE?=
=?us-ascii?q?B?=
X-IPAS-Result: =?us-ascii?q?A0H1egCgezheh4LcayhlGQEBAQEBASgBAQEBAQEBAQEBA?=
=?us-ascii?q?QEEAQEBAQEBAQEBAQGBYYE0CgIBAQEBAQ1QAXADcgMEIRSHWAIDhRcjhT+GT?=
=?us-ascii?q?Y8/gjmCKYJSAxgcIAEIAQEBAQEBAQEBBgEBIA8BAQKENAEJIC4BCIF9BQIEN?=
=?us-ascii?q?BMCAwEMAQEBAwEBAQIBAgMEAQECEAEBAQgNCQgphT4MgikSImoPLwkMAQEBA?=
=?us-ascii?q?QEBAQEBJAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQUCC?=
=?us-ascii?q?FQrBR4BNyQKAQE4HgGBMSKDBAGCSgMuAQICAQmhaQKBOYhhAQGCJoJ/AQEFg?=
=?us-ascii?q?S8Bg2cYQAEJgUIJCQGBLAIBAQEBAQEBiQJSgl+CAIE4hC6BRxkCAhopgU0gh?=
=?us-ascii?q?SGNUItnlDWBegcDgWdUhieBH450IYI4AYEHizeMEZZ0VI4bhBgCBAIEBQIOA?=
=?us-ascii?q?QEEAYE1NIF7chODJwkKPRgNjjUCg1mKU3QCAQEBBo4iXAEB?=
X-IronPort-AV: E=Sophos;i="5.70,398,1574118000";
d="scan'208";a="1079821"


The following headers are not listed at all.
X-Amp-Result:
X-Amp-File-Uploaded:
X-IronPort-SBRS:
X-IronPort-Source:
X-IronPort-SPF:
X-IronPort-URL:
Highlighted
Cisco Employee

Re: ESA Mail Policies: Anti-Spam and the "Prepend" action on message subject

Hello,

 

It's only going to prepend [SUSPICIOUS] if the email is flagged as Suspect Spam. Was this the case?

 

Thanks!

-Dennis M.

Highlighted
Participant

Re: ESA Mail Policies: Anti-Spam and the "Prepend" action on message subject

Can you sent my by private email the PDF of the full message tracking of this message in question.